rpms/keylime
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Proper exception handling in tornado_requests

Browse Source 
Fixes: CVE-2022-3500
This commit is contained in:
Sergio Correia 2022-12-08 12:12:55 -03:00
parent 2ff4a57711
commit 39928f5149
No known key found for this signature in database
GPG Key ID: D0D219ED1F7E762C
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0001-Proper-exception-handling-in-tornado_requests.patch Normal file
View File

@ -0,0 +1,37 @@
From 6c015819dffaafd6450916ac3028b446e9e36313 Mon Sep 17 00:00:00 2001
From: George Almasi <gheorghe@us.ibm.com>
Date: Sat, 8 Oct 2022 14:10:00 +0000
Subject: [PATCH] Proper exception handling in tornado_requests
Signed-off-by: George Almasi <gheorghe@us.ibm.com>
---
keylime/tornado_requests.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/keylime/tornado_requests.py b/keylime/tornado_requests.py
index 67c03ab..9485c33 100644
--- a/keylime/tornado_requests.py
+++ b/keylime/tornado_requests.py
@@ -32,7 +32,6 @@ async def request(method, url, params=None, data=None, context=None, headers=Non
except httpclient.HTTPError as e:
if e.response is None:
return TornadoResponse(500, str(e))
-
return TornadoResponse(e.response.code, e.response.body)
except ConnectionError as e:
return TornadoResponse(599, f"Connection error: {str(e)}")
@@ -40,8 +39,10 @@ async def request(method, url, params=None, data=None, context=None, headers=Non
return TornadoResponse(599, f"SSL connection error: {str(e)}")
except OSError as e:
return TornadoResponse(599, f"TCP/IP Connection error: {str(e)}")
+ except Exception as e:
+ return TornadoResponse(599, f"General communication failure: {str(e)}")
if response is None:
- return None
+ return TornadoResponse(599, "Unspecified failure in tornado (empty http response)")
return TornadoResponse(response.code, response.body)
--
2.38.1

2
keylime.spec
View File

@ -18,6 +18,8 @@ Source1: %{srcname}.sysusers
# The selinux policy for keylime is distributed via this repo: https://github.com/RedHat-SP-Security/keylime-selinux
Source2: https://github.com/RedHat-SP-Security/%{name}-selinux/archive/v%{policy_version}/keylime-selinux-%{policy_version}.tar.gz
Patch: 0001-Proper-exception-handling-in-tornado_requests.patch
# Main program: BSD
# Icons: MIT
License: ASL 2.0 and MIT